<?php
/*
+-----------------------------------------------------------------------------+
| $Id: *.php 2009-08-18 08:41:22Z Bleakwind $
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
+-----------------------------------------------------------------------------+
*/

if (!defined( 'ENTRY_INDEX')){
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

$setting_attach['length']       = $CONFIG['max_post_attach_length'];
$setting_attach['size']         = $CONFIG['max_post_attach_size'];
$setting_attach['type']         = $CONFIG['max_post_attach_type'];
$setting_attach['brief_length'] = $CONFIG['max_post_attach_brief_length'];
$setting_attach['number']       = $CONFIG['max_post_attach_number'];
$setting_attach['dir']          = date("Y")."/".date("Ym")."/".date("Ymd")."/";

if( !preg_match("/^[1-9][0-9]*$/",$sys->get['channel_id']) ){
    $sys->prompt("failed",$LANGUAGE['s']['post']['channel_id_error']."<!-- channel_id error -->");
} else {
    $channel_info = $sys->return_channel_info($sys->get['channel_id']);

    if( !preg_match("/^[1-9][0-9]{0,10}$/",$channel_info['id']) ){
        $sys->prompt("failed",$LANGUAGE['s']['post']['channel_id_not_exist']."<!-- channel_id not exist -->");
    } elseif ($channel_info['if_enable'] != "1") {
        $sys->prompt("failed",$LANGUAGE['s']['post']['channel_id_not_enable']."<!-- channel_id not enable -->");
    } else {

        if ($ADMIN['ag_privilege']['topic'] == "1" || ($ADMIN['ag_privilege']['topic'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_topic = "1";
        } else {
            $ag_privilege_topic = "2";
        }

        if ($ADMIN['ag_privilege']['channel_passinto'] == "1" || ($ADMIN['ag_privilege']['channel_passinto'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_channel_passinto = "1";
        } else {
            $ag_privilege_channel_passinto = "2";
        }

        if ($ADMIN['ag_privilege']['channel_lockpost'] == "1" || ($ADMIN['ag_privilege']['channel_lockpost'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_channel_lockpost = "1";
        } else {
            $ag_privilege_channel_lockpost = "2";
        }

        if ($ADMIN['ag_privilege']['channel_lockreply'] == "1" || ($ADMIN['ag_privilege']['channel_lockreply'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_channel_lockreply = "1";
        } else {
            $ag_privilege_channel_lockreply = "2";
        }

        if ($ADMIN['ag_privilege']['channel_lockedit'] == "1" || ($ADMIN['ag_privilege']['channel_lockedit'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_channel_lockedit = "1";
        } else {
            $ag_privilege_channel_lockedit = "2";
        }

        if ($ADMIN['ag_privilege']['channel_lockdel'] == "1" || ($ADMIN['ag_privilege']['channel_lockdel'] == "3" && $channel_info['channel_manage_admin_id'] != "")) {
            $ag_privilege_channel_lockdel = "1";
        } else {
            $ag_privilege_channel_lockdel = "2";
        }

        if( $MEMBER['mg_privilege']['if_forbidpost'] == "1" && $ag_privilege_topic != "1" ){
            $sys->prompt("failed",$LANGUAGE['s']['post']['forbid_post']."<!-- forbid_post -->");
        } elseif( $channel_info['if_lock'] == "1" && $ag_privilege_topic != "1" && $ag_privilege_channel_lockpost != "1" ){
            $sys->prompt("failed",$LANGUAGE['s']['post']['if_lock_yes']."<!-- if_lock_yes -->");
        } else {
            
            $sys->return_channel_current($channel_info['id']);
            $trans_list         = $sys->return_trans_list($channel_info['id']);
            $icon_topic_list    = $sys->return_icon_topic_list();

            $attach_list            = "attach_list";
            $attach_type            = "add";
            $attach_where           = $MEMBER['id'];
            $attach_table           = DB_TABLE_POST_ATTACH;
            $attach_dir             = $SETTING['dir_post_attach'];
            list($attach_list_result, $attach_list_result_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
            $attach_list_result_js  = trim($attach_list_result_js);
            if (!empty($attach_list_result_js)) {
                $attach_list_result     = $attach_list_result."\n<script type=\"text/javascript\">\n<!-- \n".$attach_list_result_js."\n //-->\n</script>\n";
            }

            $t->assign(array(
                "attach_list_result"    => $attach_list_result,
            ));
            
            // attach ajax
            function upload_submit($form,$action,$prompt)  
            {
                global $LANGUAGE,$LANGLIST,$SETTING,$setting_attach;
                $ajax_response = new xajaxResponse();
                $ajax_response->assign($prompt, "innerHTML", "<img src=\"".$SETTING['dir_images']."/loading.gif\" border=\"0\" align=\"absmiddle\" />");
                $ajax_response->remove($form."_upload_target");
                $ajax_response->append($prompt, "innerHTML", "<iframe id=\"".$form."_upload_target\" name=\"".$form."_upload_target\" width=\"0\" height=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"about:blank\" style=\"display:none;\"></iframe>");
                $ajax_response->assign($form,"action",$action);
                $ajax_response->assign($form,"target",$form."_upload_target");
                $ajax_response->script("document.".$form.".submit();");
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "upload_submit");
            function attach_upload_return($state,$type,$search,$form,$file_input,$input_value,$submit,$list,$detail_input,$prompt,$msg)
            {
                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                $ajax_response = new xajaxResponse();
                $ajax_response->assign($form,"action","javascript:void(null);");
                $ajax_response->assign($form,"target","_self");

                if ($state == "1") {
                    $ajax_response->assign($detail_input, "value", "");
                    $ajax_response->assign($file_input, "innerHTML", $input_value);
                }

                $attach_list    = $list;
                $attach_type    = "add";
                $attach_where   = $search;
                $attach_table   = DB_TABLE_POST_ATTACH;
                $attach_dir     = $SETTING['dir_post_attach'];
                list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                $ajax_response->assign($list,"innerHTML",$file_str);
                $ajax_response->script($file_str_js);

                $ajax_response->assign($prompt, "innerHTML", $msg);
                $ajax_response->assign($submit,"disabled",false);
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "attach_upload_return");
            function attach_get($type,$search,$file_input,$file,$submit,$list,$detail_input,$brief,$prompt)
            {
                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                $ajax_response = new xajaxResponse();
                //$ajax_response->alert(print_r($value['brief'], true)); return $ajax_response;

                $attach_filetype = explode(",",$setting_attach['type']);
                if (empty($file)) {
                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_url_empty']."</span>");
                    $ajax_response->assign($submit,"disabled",false);
                }else{
                    preg_match("/([^\/.]*)\.[^\/.]*$/", $file, $name_primal); $name_primal = $name_primal[1]; 
                    preg_match("/[^\/.]*(\.[^\/.]*)$/", $file, $name_extend); $name_extend = $name_extend[1];
                    if (empty($name_primal)) {
                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_name_failed']."</span>");
                        $ajax_response->assign($submit,"disabled",false);
                    } elseif (!preg_match("/[a-z0-9\.]{1,9}/i", $name_extend) || !in_array($name_extend, $attach_filetype)) {
                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_type_error']."<!-- file type error --></span>");
                        $ajax_response->assign($submit,"disabled",false);
                    } else{
 
                        $result_state = "1";
                        $brief = empty($brief) ? func::str_cut($name_primal.$name_extend, 0, $setting_attach['brief_length']) : $brief;

                        $member_id = $search;
                        if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                            $result_state = "0";
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_post_id_error']."<!-- member_id error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=0 AND member_id=".$member_id) >= $setting_attach['number']){
                            $result_state = "0";
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['post']['attach_get_total_full'],$setting_attach['number'])."<!-- number error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } elseif (mb_strwidth($brief,"UTF-8") > $setting_attach['brief_length']){
                            $result_state = "0";
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['post']['attach_get_brief_full'],$setting_attach['brief_length'])."<!-- brief error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        } else {
                            $dir    = $setting_attach['dir'];
                            $path   = $SETTING['dir_post_attach']."/".$dir;

                            $filename       = "";
                            $file_notexists = false;
                            while($file_notexists === false){
                                $name_base = func::return_lenstr(sha1($name_primal.microtime()),$setting_attach['length']);
                                $filename = $name_base.$name_extend;
                                if(!file_exists($target_dir.$filename)) {
                                    $file_notexists = true;
                                }
                            }

                            if (!file_exists($path)) { func::make_dir($path); }
                            if (!@copy($file, $path.$filename)) {
                                $result_state = "0";
                                $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_file_failed']."<!-- copy error --></span>");
                                $ajax_response->assign($submit,"disabled",false);
                            } else {
                                $sql_data = array(
                                    "brief"             => "'".addslashes($brief)."'",
                                    "dir"               => "'".$dir."'",
                                    "filename"          => "'".$filename."'",
                                    "post_id"           => "'0'",
                                    "member_id"          => "'".(int)$MEMBER['id']."'",
                                    "time"              => $sys->nowtime,
                                    "down"              => "0",
                                );
                                $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                                if (!$result) {
                                    if (file_exists($path.$filename)) {
                                        @chmod($path.$filename, $SETTING['chmod_mode_file']);
                                        @unlink($path.$filename);
                                    }
                                    $result_state = "0";
                                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_get_updatedb_failed']."<!-- db update error --></span>");
                                    $ajax_response->assign($submit,"disabled",false);
                                }
                            }
                        }

                        if ($result_state == "1"){

                            $attach_list    = $list;
                            $attach_type    = "add";
                            $attach_where   = $search;
                            $attach_table   = DB_TABLE_POST_ATTACH;
                            $attach_dir     = $SETTING['dir_post_attach'];
                            list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);

                            $ajax_response->assign($list,"innerHTML",$file_str);
                            $ajax_response->script($file_str_js);

                            $ajax_response->assign($file_input, "value", "");
                            $ajax_response->assign($detail_input, "value", "");
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_succeed\">".$LANGUAGE['s']['post']['attach_get_file_succeed']."<!-- get file succeed --></span>");
                        }

                        $ajax_response->assign($submit,"disabled",false);
                    }
                }
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "attach_get");
            function attach_del($type,$search,$del,$list)
            {
                global $LANGUAGE,$LANGLIST,$SETTING,$MEMBER,$MEMBER,$setting_attach,$sys;
                $ajax_response = new xajaxResponse();

                $result_state = "1";

                $member_id = $search;
                if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                    $result_state = "0";
                    $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_del_post_id_error']."<!-- member_id error --></span>");
                    $ajax_response->assign($submit,"disabled",false);
                } else {
                    if (!preg_match("/^[1-9][0-9]*$/",$del)){
                        $result_state = "0";
                        $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_del_attach_id_error']."<!-- del error --></span>");
                        $ajax_response->assign($submit,"disabled",false);
                    } else {
                        $filelist = func::db_select(DB_TABLE_POST_ATTACH, "*", "id=".$del, "", "id DESC");
                        $file_value = $filelist[0];
                        if (!empty($file_value['dir'])){
                            $dir    = $file_value['dir'];
                            $path   = $SETTING['dir_post_attach']."/".$dir;
                            if (!empty($file_value['filename'])){
                                if (file_exists($path.$filelist[0]['filename'])) {
                                    @chmod($path.$file_value['filename'], $SETTING['chmod_mode_file']);
                                    @unlink($path.$file_value['filename']);
                                }
                            }
                        }
                        $result = func::db_delete(DB_TABLE_POST_ATTACH,  "id=".$file_value['id']);
                        if (!$result) {
                            $result_state = "0";
                            $ajax_response->assign($prompt, "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['attach_del_updatedb_failed']."<!-- db update error --></span>");
                            $ajax_response->assign($submit,"disabled",false);
                        }
                    }
                }

                if ($result_state == "1"){
                    $attach_list    = $list;
                    $attach_type    = "add";
                    $attach_where   = $search;
                    $attach_table   = DB_TABLE_POST_ATTACH;
                    $attach_dir     = $SETTING['dir_post_attach'];
                    list($file_str, $file_str_js) = $sys->return_post_attach_list($attach_list,$attach_type,$attach_where,$attach_table,$attach_dir);
                    
                    $ajax_response->assign($list,"innerHTML",$file_str);
                    $ajax_response->script($file_str_js);
                }

                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "attach_del");
            function set_value_onfocus($name, $id, $value, $type="text", $maxlength="255", $style="")
            {
                global $SETTING, $LANGUAGE, $MEMBER, $ADMIN, $db, $sys, $select_option;
                $ajax_response = new xajaxResponse();
                if (!empty($style)) { $style = "style=\"".$style."\""; }

                if ($type == "text") {
                    $result = '<input type="text" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="'.$value.'" maxlength="'.$maxlength.'" size="6" class="input" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">';
                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                } elseif($type == "textarea") {
                    $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\',  this.value);">'.$value.'</textarea>';
                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                } elseif ($type == "textarea_resize") {
                    $result = '<textarea id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" rows="1" cols="6" class="textarea" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.value);">'.$value.'</textarea>';
                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                    $ajax_response->script("$('#".$name."_".$id."_input').resizable({ autohide: true, minWidth: 200, minHeight: 100,  maxWidth: 800, maxHeight: 600 });");
                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                } elseif($type == "checkbox") {
                    $checked = $value == "1" ? "checked" : "";
                    $result = '<input type="checkbox" id="'.$name.'_'.$id.'_input" name="'.$name.'_'.$id.'_input" value="1" '.$checked.' class="checkbox" '.$style.' onblur="xajax_set_value_onblur(\''.$name.'\', \''.$id.'\', this.checked == true ? 1 : 2);">';
                    $ajax_response->assign($name.'_'.$id, "innerHTML", $result);
                    $ajax_response->script("$('#".$name."_".$id."_input').focus();");
                }
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "set_value_onfocus");
            function set_value_onblur($name, $id, $value="")
            {
                global $SETTING, $LANGUAGE, $ASESSION, $ADMIN, $db, $sys, $setting_attach;
                $ajax_response = new xajaxResponse();
                $if_error   = false;
                $error_msg  = array();

                // check
                if ($name == "brief") {
                    if (mb_strwidth($value,"UTF-8") > $setting_attach['brief_length']){
                        $if_error       = true;
                        $error_msg[]    = sprintf($LANGUAGE['s']['post']['attach_brief_full'],$setting_attach['brief_length']);
                    }
                }

                // update
                if (!$if_error) {
                    $sql = "UPDATE ".DB_TABLE_POST_ATTACH." SET
                                ".$name."   = '".addslashes($value)."'
                            WHERE id='".$id."'";
                    $result = $db->Execute($sql);
                    if (!$result) {
                        $if_error       = true;
                        $error_msg[]    = $db->ErrorMsg();
                    }
                }

                // select and set hidden value
                if (!$if_error) {
                    $sql = "SELECT *
                            FROM ".DB_TABLE_POST_ATTACH."
                            WHERE id='".$id."'";
                    $result = $db->Execute($sql);
                    if (!$result) {
                        $if_error       = true;
                        $error_msg[]    = $db->ErrorMsg();
                    } else {
                        $ajax_response->assign($name."_".$id."_value", "value", $result->fields[$name]);
                    }
                }

                // show new
                if (!$if_error) {
                    if ($result->fields['post_id'] == "0") {
                        $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                    } else {
                        $ajax_response->assign($name."_".$id, "innerHTML", "<a href=\"".$CONFIGURE['common']['control_index']."?act=attach&post_id=".$result->fields['post_id']."&attach_id=".$result->fields['id']."\" target=\"_blank\">".$result->fields[$name]."</a>");
                    }
                }

                // alert error
                if ($if_error) {
                    $ajax_response->alert($LANGUAGE['s']['post']['error_msg_array']."\n- ".implode("\n- ", $error_msg));
                }
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "set_value_onblur");
            //////
            // form post ajax
            function submit_post($value, $button_submit)
            {
                global $SETTING,$LANGUAGE,$CONFIG,$CONFIGURE,$SESSION,$PROMPT,$MEMBER,$db,$sys,$c,$trans_list,$channel_info,$icon_topic_list;
                $ajax_response = new xajaxResponse();
                $error = false;
                //$ajax_response->alert(print_r($value, true)); $ajax_response->assign($button_submit,"disabled",false); return $ajax_response;

                // check the avatar
                if ( !preg_match("/^[0-9]+$/",$value['icon']) ) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "icon"; }
                    $ajax_response->assign("icon_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['icon_empty']."</span>");
                } elseif (((int)$value['icon'] > 0) && !array_key_exists($value['icon'], $icon_topic_list)) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "icon"; }
                    $ajax_response->assign("icon_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['icon_error']."</span>");
                } else {
                    $ajax_response->assign("icon_return", "innerHTML", "");
                }

                // check the avatar
                if (empty($value['subject'])) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "subject"; }
                    $ajax_response->assign("subject_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['subject_empty']."</span>");
                } elseif (mb_strlen($value['subject'], "utf-8") > $CONFIG['max_topic_subject']) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "subject"; }
                    $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['post']['subject_error'],$CONFIG['max_topic_subject'])."</span>");
                } else {
                    $ajax_response->assign("subject_return", "innerHTML", "");
                }

                // check the avatar
                if (empty($value['content'])) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "content"; }
                    $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".$LANGUAGE['s']['post']['content_empty']."</span>");
                } elseif (mb_strlen($value['content'], "utf-8") > $CONFIG['max_topic_content']) {
                    $error = true;
                    if(empty($anchor)) { $anchor = "content"; }
                    $ajax_response->assign("content_return", "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['post']['content_error'],$CONFIG['max_topic_content'])."</span>");
                } else {
                    $ajax_response->assign("content_return", "innerHTML", "");
                }

                if (!empty($trans_list)) {
                    foreach($trans_list as $trans_value) {
                        $value['trans'][$trans_value['id']] = (int)$value['trans'][$trans_value['id']];
                        if($trans_value['if_must'] == "1") {
                            if ( $value['trans'][$trans_value['id']] <= 0 ) {
                                $error = true;
                                if(empty($anchor)) { $anchor = "trans_".$trans_value['id'].""; }
                                $ajax_response->assign("trans_".$trans_value['id']."_return", "innerHTML", "<span class=\"prompt_failed\">".sprintf($LANGUAGE['s']['post']['trans_must_select'], $trans_value['name'])."</span>");
                            } else {
                                $ajax_response->assign("trans_".$trans_value['id']."_return", "innerHTML", "");
                            }
                        }
                    }
                }

                if($error){
                    $ajax_response->assign($button_submit,"value",$LANGUAGE['s']['post']['submit_post']);
                    $ajax_response->assign($button_submit,"disabled",false);
                    $ajax_response->redirect("#".$anchor);
                }else{

                    $config_list = func::db_select(DB_TABLE_CONFIG, "name,value", "name='censor_post'");
                    if (!empty($config_list)) {
                        foreach($config_list as $v){
                            $CONFIG[$v['name']] = trim($v['value']);
                        }
                    }
                    $str_search = preg_match_all('/(.*)=/i', $CONFIG['censor_post'], $matches);
                    $str_search = $matches[1];
                    $str_replace = preg_match_all('/=(.*)/i', $CONFIG['censor_post'], $matches);
                    $str_replace = $matches[1];
                    for($i=0; $size=count($str_search),$i<$size;$i++) {
                        $value['subject'] = eregi_replace($str_search[$i], $str_replace[$i], $value['subject']);
                        $value['content'] = eregi_replace($str_search[$i], $str_replace[$i], $value['content']);
                    }

                    $sql = "INSERT INTO ".DB_TABLE_TOPIC." SET
                                channel_id              = '".addslashes($channel_info['id'])."',
                                icon                    = '".addslashes($value['icon'])."',
                                subject                 = '".addslashes(func::str_stripbr($value['subject']))."',
                                post_mid                = '".$MEMBER['id']."',
                                post_musername          = '".$MEMBER['username']."',
                                post_ip                 = '".func::return_ip()."',
                                post_time               = ".$sys->nowtime.",
                                post_pid                = '0',
                                number_reply            = '0',
                                number_click            = '0',
                                last_mid                = '".$MEMBER['id']."',
                                last_musername          = '".$MEMBER['username']."',
                                last_time               = ".$sys->nowtime.",
                                last_pid                = '0',
                                style_color             = '0',
                                style_fontstyle         = '0',
                                style_decoration        = '0',
                                style_begin             = '0',
                                style_end               = '0',
                                if_elite                = '2',
                                if_elite_begin          = '0',
                                if_elite_end            = '0',
                                if_top                  = '2',
                                if_top_begin            = '0',
                                if_top_end              = '0',
                                if_close                = '2',
                                if_close_begin          = '0',
                                if_close_end            = '0',
                                if_move                 = '2',
                                if_move_id              = '0',
                                if_del                  = '2',
                                rank                    = ".$sys->nowtime."";
                    $result = $db->Execute($sql);
                    if (!$result) {
                        $ajax_response->alert($db->ErrorMsg());
                    }else{
                        $topic_id = $db->Insert_ID();
                        if ( $channel_info['if_face'] == "1" && $value['if_face'] == "1") {
                                $value['if_face'] = "1";
                        } else {
                                $value['if_face'] = "2";
                        }
                        if ( $channel_info['if_bbcode'] == "1" && $value['if_bbcode'] == "1") {
                                $value['if_bbcode'] = "1";
                        } else {
                                $value['if_bbcode'] = "2";
                        }
                        if ( $channel_info['if_url'] == "1" && $value['if_url'] == "1") {
                                $value['if_url'] = "1";
                        } else {
                                $value['if_url'] = "2";
                        }
                        if ( $channel_info['if_html'] == "1" && $value['if_html'] == "1") {
                                $value['if_html'] = "1";
                        } else {
                                $value['if_html'] = "2";
                        }
                        $sql = "INSERT INTO ".DB_TABLE_POST." SET
                                    topic_id                = '".$topic_id."',
                                    content                 = '".addslashes($value['content'])."',
                                    quote_id                = '0',
                                    quote_path              = '',
                                    post_mid                = '".$MEMBER['id']."',
                                    post_musername          = '".$MEMBER['username']."',
                                    post_ip                 = '".func::return_ip()."',
                                    post_time               = ".$sys->nowtime.",
                                    modify_mid              = '0',
                                    modify_musername       = '',
                                    modify_ip               = '',
                                    modify_time             = '0',
                                    if_face                 = ".$value['if_face'].",
                                    if_bbcode               = ".$value['if_bbcode'].",
                                    if_url                  = ".$value['if_url'].",
                                    if_html                 = ".$value['if_html'].",
                                    floor                   = '0',
                                    rank                    = ".$sys->nowtime."";
                        $result = $db->Execute($sql);
                        if (!$result) {
                            $ajax_response->alert($db->ErrorMsg());
                        }else{
                            $post_id = $db->Insert_ID();
                            $sql_data = array(
                                "post_id"  => "".$post_id."",
                            );
                            $result = func::db_update(DB_TABLE_POST_ATTACH, $sql_data, "post_id=0 AND member_id=".(int)$MEMBER['id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['post']['update_post_id_error']);
                            }
                            $sql_data = array(
                                "post_pid"  => "".$post_id."",
                            );
                            $result = func::db_update(DB_TABLE_TOPIC, $sql_data, "id=".(int)$topic_id."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['post']['update_post_pid_error']);
                            }
                            $sql_data = array(
                                "floor"  => "1",
                            );
                            $result = func::db_update(DB_TABLE_POST, $sql_data, "id=".(int)$post_id."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['post']['update_floor_error']);
                            }
                            if (!empty($trans_list)) {
                                foreach($trans_list as $trans_value) {
                                    if ($value['trans'][$trans_value['id']] > 0) {
                                        $sql_data = array(
                                            "topic_id"          => "".$topic_id."",
                                            "trans_group_id"    => "".$trans_value['id']."",
                                            "trans_id"          => "".$value['trans'][$trans_value['id']]."",
                                        );
                                        $result = func::db_insert(DB_TABLE_TOPIC_TRANS, $sql_data);
                                        if (!$result) {
                                            $ajax_response->alert($LANGUAGE['s']['post']['update_trans_error']);
                                        }
                                    }
                                }
                            }
                            $sql_data = array(
                                "number_total_topic"        => "number_total_topic+1",
                                "number_total_post"         => "number_total_post+1",
                                "number_today_topic"        => "number_today_topic+1",
                                "number_today_post"         => "number_today_post+1",
                                "last_topic_id"             => "'".$topic_id."'",
                                "last_topic_subject"        => "'".addslashes($value['subject'])."'",
                                "last_topic_mid"            => "'".$MEMBER['id']."'",
                                "last_topic_musername"      => "'".$MEMBER['username']."'",
                                "last_topic_time"           => "'".(int)$sys->nowtime."'",
                                "last_post_id"              => "'".(int)$post_id."'",
                                "last_post_topic_id"        => "'".(int)$topic_id."'",
                                "last_post_mid"             => "'".(int)$MEMBER['id']."'",
                                "last_post_musername"       => "'".$MEMBER['username']."'",
                                "last_post_time"            => "'".(int)$sys->nowtime."'",

                            );
                            $result = func::db_update(DB_TABLE_CHANNEL, $sql_data, "id=".(int)$channel_info['id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['post']['update_channel_error']);
                            }

                            $sql_data = array(
                                "last_post"           => "'".(int)$post_id."'",
                                "total_topic"         => "total_topic+1",
                            );
                            $result = func::db_update(DB_TABLE_MEMBER_DETAIL, $sql_data, "mid=".(int)$MEMBER['id']."");
                            if (!$result) {
                                $ajax_response->alert($LANGUAGE['s']['post']['update_member_detail_error']);
                            }

                            if ((int)$MEMBER['point'] > (int)$CONFIG['point_group']['point_min']) {
                                $sql_data = array(
                                    "point"           => "point+".(int)$CONFIG['point_group']['topic_post'],
                                );
                                $result = func::db_update(DB_TABLE_MEMBER, $sql_data, "id=".(int)$MEMBER['id']."");
                                if (!$result) {
                                    $ajax_response->alert($LANGUAGE['s']['post']['update_member_point_topic_post_error']);
                                }
                            }
                            $ajax_response->redirect($CONFIGURE['common']['control_index']."?act=topic&topic_id=".$topic_id."");
                        }
                    }
                }
                return $ajax_response;
            }
            $bwajax->register(XAJAX_FUNCTION, "submit_post");

            if($sys->get['ope'] == "saveattach_upload"){
                $bwupload->lang_msg = array(
                    '0'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['0'],
                    '1'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['1'],
                    '2'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['2'],
                    '3'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['3'],
                    '4'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['4'],
                    '6'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['6'],
                    '7'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['7'],
                    '8'             => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['8'],
                    'invalid'       => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['invalid'],
                    'error_size'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_size'],
                    'error_type'    => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_type'],
                    'upload_failed' => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['upload_failed'],
                    'error_empty'   => $LANGUAGE['s']['_public']['lib_class_bwupload_class']['error_empty'],
                );
                $bwupload->set_size($setting_attach['size']);
                $bwupload->set_type($setting_attach['type']);

                $result_state   = "1";
                $error_msg      = "";

                $member_id = $MEMBER['id'];
                if (!preg_match("/^[1-9][0-9]*$/",$member_id)){
                    $result_state = "0";
                    $error_msg = $LANGUAGE['s']['post']['saveattach_upload_post_id_error']."<!-- post_id error -->";
                } elseif (func::db_count_record(DB_TABLE_POST_ATTACH, "post_id=0 AND member_id=".$member_id) >= $setting_attach['number']){
                    $result_state = "0";
                    $error_msg = sprintf($LANGUAGE['s']['post']['saveattach_upload_total_full'],$setting_attach['number'])."<!-- number error -->";
                } elseif (mb_strwidth($_POST['attach_brief'],"UTF-8") > $setting_attach['brief_length']){
                    $result_state = "0";
                    $error_msg = sprintf($LANGUAGE['s']['post']['saveattach_upload_brief_full'],$setting_attach['brief_length'])."<!-- brief error -->";
                } else {
                    $dir    = $setting_attach['dir'];
                    $path   = $SETTING['dir_post_attach']."/".$dir;
                    if (!file_exists($path)) { func::make_dir($path); }

                    if( !$bwupload->upload_file($path,"attach_upload") ){
                        $result_state = "0";
                        $error_msg = $bwupload->error_msg."<!-- upload error -->";
                    }else{
                        $result_state = $bwupload->proceed['attach_upload']['succeed'];
                        $error_msg = $bwupload->proceed['attach_upload']['error']."<!-- upload error message -->";
                        if ($result_state == "1") {
                            $brief = empty($_POST['attach_brief']) ? func::str_cut($bwupload->proceed['attach_upload']['name'], 0, $setting_attach['brief_length']) : $_POST['attach_brief'];
                            $sql_data = array(
                                "brief"             => "'".addslashes($brief)."'",
                                "dir"               => "'".$dir."'",
                                "filename"          => "'".$bwupload->proceed['attach_upload']['result_name']."'",
                                "post_id"           => "'0'",
                                "member_id"          => "'".(int)$MEMBER['id']."'",
                                "time"              => $sys->nowtime,
                                "down"              => "0",
                            );
                            $result = func::db_insert(DB_TABLE_POST_ATTACH, $sql_data);
                            if (!$result) {
                                if (file_exists($path.$bwupload->proceed['attach_upload']['result_name'])) {
                                    @chmod($path.$bwupload->proceed['attach_upload']['result_name'], $SETTING['chmod_mode_file']);
                                    @unlink($path.$bwupload->proceed['attach_upload']['result_name']);
                                }
                                $result_state = "0";
                                $error_msg = $LANGUAGE['s']['post']['saveattach_upload_updatedb_failed']."<!-- upload db attach_name error -->";
                            }
                        }
                    }
                }
                $CONFIGURE['common']['if_output_template'] = "0";
                $prompt_style = $result_state == "1" ? "prompt_succeed" : "prompt_failed";
                $bwjs->write("parent.xajax_attach_upload_return('".$result_state."',
                    'add',
                    '".$member_id."',
                    'post_add',
                    'attach_upload_input',
                    '<input type=\"file\" id=\"attach_upload\" name=\"attach_upload\" size=\"12\" style=\"width:140px;\" class=\"input\" onchange=\"xajax_attach_showselect(\'attach_select\',\'attach_upload_prompt\',this.value)\" />',
                    'attach_upload_submit',
                    'attach_list',
                    'attach_brief',
                    'attach_upload_prompt',
                    '<span class=\"".$prompt_style."\">".$error_msg."</span>');");
            }
            $t->assign(array(
                "channel_info"      => $channel_info,
                "channel_current"   => $sys->channel_current,
                "icon_topic_list"   => $icon_topic_list,
                "trans_list"        => $trans_list,
                "setting_attach"    => $setting_attach,
            ));
        }
    }
}
if (!empty($sys->channel_current)) {
    foreach($sys->channel_current as $v){ 
        $public_var['page_place'][] = $v['name'];
        $public_var['page_keyword'] = array_merge((array)$public_var['page_keyword'], array_filter(preg_split("/[\s,]+/", $v['keyword'])));
    }
}
$public_var['page_place'][] = $LANGUAGE['s']['post']['page_place'];
?>
